This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Quota Limits Not Respected When Using x-api-key Header in API Gateway

Posted on 01-21-2025 12:17 AM
Alex257
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Team,

I have configured my openapi.yaml to restrict access to one of the API endpoints with the following quota settings:

x-google-management:
metrics:
- name: "read-requests"
displayName: "Read requests"
valueType: INT64
metricKind: DELTA
quota:
limits:
- name: "read-limit"
metric: "read-requests"
unit: "1/min/{project}"
values:
STANDARD: 3

Here is the relevant path configuration:

paths:
/v1/ds:
get:
summary: Retrieve Data
operationId: getAggDailyData
x-google-backend:
path_translation: APPEND_PATH_TO_ADDRESS
address: ${PUB_API_FNC_URL}
x-google-quota:
metricCosts:
"read-requests": 1

*no security def

*the backend of the api gateway path is a cloud function

Issue:
When I add the x-api-key header to the request, the quota limits are not being enforced, regardless of the value provided in the header. However, when the x-api-key header is not included, the quota works as expected.

Details:

There are no security definitions configured in the OpenAPI spec.
The x-api-key is not explicitly associated with any project in the configuration.
Could you help me understand why the quota enforcement is bypassed when the x-api-key header is present and how I can resolve this?

Thanks in advance for your assistance!

1 0 89
Topic Labels
Reply
0 REPLIES 0